FCC proposes new robocall rules for gateway providers
The FCC issued a Further Notice of Proposed Rulemaking (FNPRM) on robocalls and SHAKEN. The new rules would place additional requirements on gateway voice service providers to prevent unlawful robocalls originated overseas from entering the U.S. Here’s an overview.
Gateway service providers are bound by the following rules for calls with U.S. calling numbers that they bring into the U.S. telephone network:
- Pass along preexisting authenticated caller ID information unaltered
- Participate in traceback
- Take steps to mitigate illegal traffic when notified of such traffic by the Commission.
Starting September 28, 2021, all providers, including gateway providers, will be required to refuse calls with U.S. calling numbers received directly from upstream providers that do not have a robocall mitigation certification on file in the Robocall Mitigation Database (RMD).
As intermediate providers, gateway providers are also required to authenticate unsigned calls. However, this requirement is waived if they cooperate with traceback requests.
Under the proposed rules, gateway providers would be required to:
- Authenticate all unsigned SIP calls
- Employ robocall mitigation techniques on calls with U.S. calling numbers that they allow into the U.S. The FNPRM specified some aspects of robocall mitigation to include:
- 24-hour traceback response
- Mandatory blocking of all traffic associated with the traffic pattern identified in a notice from the Enforcement Bureau.
The FNPRM defines gateway providers as the first U.S.-based intermediate provider in the call path of a foreign-originated call that transmits the call to another intermediate or terminating provider in the U.S. This determination is made on a call-by-call basis.
Request for comments
The FNPRM includes many questions and an invitation for comment. We won’t list all the questions, but here are a few that caught our eye:
- Is authentication more costly for gateway providers compared to other providers?
- Should the non-IP extension apply to gateway providers, or should the FCC mandate that gateway providers with non-IP network technology implement a non-IP authentication technology, such as Out-of-Band SHAKEN?
- The FNPRM cited our press release announcing that ATIS approved two standards for non-IP call authentication.
- Would a deadline for SHAKEN compliance on March 1, 2023, be reasonable?
- Should the FCC grant extensions or exemptions to any categories of gateway providers?
- Should the Know-Your-Customer requirement apply to the originating or next upstream intermediate provider?
- Would a deadline for Know-Your-Customer compliance 30 days after publication be reasonable?
The Fifth Further Notice of Proposed Rulemaking in CG Docket No. 17-59 and Fourth Further Notice of Proposed Rulemaking in WC Docket No. 17-97 is available online. It’s on the agenda for discussion at the FCC Open Commission meeting on September 30, 2021.
In our view, the most notable part of this FNPRM is how it combines robocall mitigation with STIR/SHAKEN call authentication. This makes sense. Neither is sufficient without the other. They are most effective when used together.
Does this usher in a new phase of the battle against unlawful robocalls, where Commission rules require both robocall mitigation and call authentication more broadly? We shall see.
The question about non-IP call authentication caught our attention. We’re strong advocates of Out-of-Band SHAKEN and have included it in our SHAKEN solutions. It works great, and it’s a powerful addition to a standard STIR/SHAKEN solution.
To be fair, however, the ATIS Non-IP Call Authentication Task Force developed and approved two standards-based methods for non-IP call authentication. Both are compatible with the STIR/SHAKEN ecosystem:
We say yes, the Commission should require call authentication for non-IP calls—but not just for gateway providers. Every service provider using non-IP technology should be doing this. Providers can upgrade their non-IP network portions to IP, or they can use either of these standardized methods at non-IP portions of their network. Some providers might take all three approaches across various parts of their network as they see fit.
Service providers with all-IP switches and interconnects don’t have to do anything—the non-IP SHAKEN methods are compatible with the standard SHAKEN systems they’re currently using.
SHAKEN and robocall mitigation are much more effective when everyone’s doing it.
In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their certification with the FCC.
Contact us today to learn more.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy